(57) Abstract: A method for executing secure data transfer between a communication device (1) and an application server (5) in a
wireless network (2, 3), wherein a request requiring a secure transaction of data is sent from either the communication device (1) or
the server (5) (303), an agreement proposal for the secure transaction is sent to the communication device (1) (304), and, if the agreement
proposal is considered acceptable (305), the agreement proposal is sent to a security adapter (6) (306). Details of the transaction are
entered into a message (308) and sent to a smart card in order to activate a signing application (309) in the smart card. The details
of the transaction are displayed on the communication device (310), and if the transaction is accepted (311), the signing application
signs the data and sends it to the security adapter (6) via messages (313), the signature is verified, and the data is sent to the server
(315).
TITLE: METHOD AND APPARATUS FOR EXECUTING SECURE DATA TRANSFER IN
A WIRELESS NETWORK



Field of the Invention 

The present invention relates to a method and apparatus
for secure data transfer between a communication device
and an application server in a wireless network, and
more particularly to a method for secure data transfer
between a communication device, provided with a SIM card,
and an application server in a wireless network using WAP
(Wireless Application Protocol) for the data transfer,
wherein said SIM card contains a secret/private key, an
algorithm for signing of data, a SAT application for
handling the signing dialogue and the signing of data.






Description of the Prior Art 

Several protocols for data transfer over wireless
networks have been proposed by different mobile phone
manufacturers. Ericsson, Motorola, Nokia Mobile Phones, and
Unwired Planet have developed a joint standard called
Wireless Application Protocol (WAP). The purpose of the
Wireless Application Protocol is to provide operators,
infrastructure and terminal manufacturers, and content
developers a common environment enabling development of
advanced services for digital mobile phones and other
wireless terminals or portable communication devices. For
example, the WAP enables e-mail and Internet access from a
digital mobile phone.

Certain services and WAP applications provided via 
Internet, such as ordering, order confirmations, bank 
services, etc, and associated transactions require a high 
level of security. 

WO 99/01848 discloses a procedure, which is applicable
for the control of keys to applications making use of
the subscriber identity module (SIM) in a mobile phone and
for the control of license agreements concerning the use of
such applications. Further, the procedure provides data
security that allows safeguarding of the interests of the
operator, module manufacturer, application developers and
users of applications. A key list comprising one or more
application-specific keys is stored in the subscriber
identity module. A corresponding list is also stored in an
application control server connected to the network, which
takes care of the control of applications stored in
subscriber identity modules. The application stored in the
subscriber identity module is activated and/or closed by
using the key list.

DE-A1-198 16 575 describes a method for running special
applications, such as a virtual charge card, entirely
or partly, in a SIM. Further, it is suggested using the SIM
toolkit as a means for communication. Security is provided
by means of the conventional security means and procedure
of the SIM-card. For example, an anti theft security for
the special application authorisation and the service data
in combination with one or more PIN-codes of the SIM-card.

WO 98/37663 discloses a method for checking authorisation
incorporating a way to impart to a smart card an
encryption key and including a way to cause a microprocessor,
by means of the encryption key and at least one
number, to perform a calculation whose result comprises a
first signature. The signature together with said number
are transferred to a system for which authorisation is to
be shown which includes a computer in which said encryption
key is stored. The computer is programmed to carry out the
calculation to obtain the signature and then to compare the
latter signature with the first signature for the verification.






WO 01/28155 PCT/SE00/01890



In the above mentioned methods all information transfer
is done through SAT (SIM Application Toolkit) applications,
in which the security solution also is implemented.

Another way of solving the security problem is to
provide one-time password pads, wherein a "new" password is
entered via the key pad of the mobile phone or the
communication device every time an application is used.

There are several problems and disadvantages associated
with the above mentioned prior art solutions. The
security level is too low for higher values: passwords could
be discovered and the password has to be entered manually,
making WAP applications very user unfriendly compared to,
for example, pure SAT applications and, of course, the
password has to be remembered.

Summary of the Invention 

It is an object of the present invention to provide
an improved method and system for executing secure data
transfer between a communication device, provided with a
smart card, such as a SIM card, and an application server
in a wireless network using a data transfer protocol such
as WAP (Wireless Application Protocol) for the data transfer.

This is accomplished by a method and system according
to the invention for executing secure data transfer on the
application level for communication applications executing
on mobile phones. The smart card
contains a secret/private key, an algorithm for signing of
data, a signing application for handling the signing
dialogue and the signing of data. A communication application,
such as a WAP application, is installed on the
communication device enabling communication with the application
server by means of a dialogue, and information browsing on
the server is initiated from the communication device,
wherein data are transferred between the server and the
communication device. Further, a request requiring a secure
transaction of data is sent from the communication device
to the server, and an agreement proposal for the secure
transaction is sent from the server to the communication
device. If the agreement proposal is considered acceptable,
the agreement proposal is returned to a security adapter.
The WAP application in the communication device is
suspended or terminated. Details of the transaction to be
secured and a sign request are entered into at least one
message, such as SMS or USSD packets, sent from the adapter to
the smart card in the communication device in order to
activate the signing application. The details of the
transaction and a prompt for an accept are displayed on the
communication device. If the transaction is accepted, the
signing application signs the data to be sent with the
secret/private key by using the algorithm. The signed data
are sent from the communication device to the security
adapter via messages. The signature is verified and the
verified signed data are sent to the server for the final
execution of the transaction.

Another object of the invention is to provide an
apparatus for connection to a wireless network for
monitoring the data transfer between the communication
device and the application server.

This is accomplished by a security adapter according
to the invention, providing a high level of security in
data transfer on the application level for communication
applications executing on communication devices.

An advantage of the present invention is that a high
level of security in the data transfer is achieved in
combination with conventional WAP browsing. An additional
advantage is that the application on the SIM card can be
made very thin and flexible, because it only has to handle
signing of data and no information or menu handling.
Further, the system handling the information browsing and
the system handling the security of the transactions are
separated and, therefore, they can be updated and changed
independently.

Brief Description of the Drawings

Other objects, advantages and features of the
invention will become more apparent from the following
detailed description when taken in conjunction with the
accompanying drawings, in which

FIG 1 illustrates a first embodiment of a network
configuration comprising a security adapter according to
the invention,

FIG 2 illustrates a second embodiment of a network
configuration comprising a security adapter according to
the invention,

FIG 3 is a flowchart of a first embodiment of the
method according to the invention, and

FIG 4 is a flowchart of a second embodiment of the
method according to the invention.

Detailed Description of the Invention 

With reference to FIG 1 of the drawing, there is
shown a first embodiment of a network configuration for
executing secure data transfer between a communication
device, such as a mobile phone, and an application server
in a wireless network using WAP (Wireless Application
Protocol) for the data transfer. The network configuration
comprises a WAP (Wireless Application Protocol) mobile
phone 1 - provided with a subscriber identity module (SIM)
- for communication with a GSM (Global System for Mobile
communications) mobile communication network 2. Additionally,
the SIM card contains a secret/private key, an algorithm
for signing of data to be transferred, and a SAT (SIM
Application Toolkit) application for handling the signing
dialogue and the signing of data. The GSM network 2 is
connected to the Internet 3 via a WAP-gateway 4. Further,
an application server 5 providing WAP applications is also
connected to the Internet 3. Additionally, a security
adapter 6 according to the invention is connected to the
WAP-gateway for monitoring the communication between the
mobile phone 1 and the application server 5.

A second embodiment of a network configuration
comprising a security adapter 6 according to the invention
is shown in FIG 2. In this embodiment of the network
configuration the security adapter 6 is connected to the
application server 5.

FIG 3 is a flowchart of a first embodiment of the
method according to the invention for executing secure data
transfer between a mobile phone and an application server
in a wireless network.

In a first step 301, a WAP application, such as a
microbrowser, is installed on the mobile phone 1 enabling
communication with the application server 5 by means of a
WAP dialogue.

A conventional information browsing session on the
server is initiated either by a user (subscriber) from the
mobile phone 1 or the application server 5 in step 302,
wherein data are transferred to/from the mobile phone 1,
over the GSM network 2 interfacing the Internet via the WAP
gateway, from/to the application server 5. For example, a
user browses to a web site providing information accessible
via a WAP dialogue from the mobile WAP phone 1. The site
belongs to a bookstore offering a service wherein books can
be bought directly from the site. A book is selected by the
user from a list of books presented on the site. When the
user decides to buy the book he selects "order" from an
order menu of the site. This action initiates a sequence of
operations.

First a request requiring a secure transaction of
data is sent from the mobile phone to the application
server 5 or from the application server to the mobile phone
1 in step 303. An agreement proposal for the secure transaction
is sent from the server 5 to the mobile phone in
step 304. If the agreement proposal is considered acceptable
by the user in step 305, the agreement proposal is
sent to the security adapter 6 in step 306, and the WAP
application in the communication device is suspended or
terminated in step 307.

Details of the transaction to be secured and a sign
request are entered into at least one SMS or USSD packet by
the security adapter 6 in step 308. The SMS packet(s) is
sent from the security adapter 6 to the SIM card in the mobile
phone in order to activate the SAT application in step
309. The details of the transaction and a prompt for an
accept from the user are displayed on the communication
device in step 310. If the transaction is accepted in step
311, the SAT application signs the data to be sent with the
secret/private key by using the algorithm in step 312.

The signed data is sent from the communication device
1 to the security adapter 6 via SMS or USSD packets in step
313. The security adapter 6 forwards the signature for
verification in an entity, such as a backend system, operatively
connected to the server 5 in step 314, and the verified
signed data is sent to the server for the final execution
of the transaction in step 315.
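
Steps 306 to 315 of the first embodiment, as an added Python sketch that is not code from the patent: the adapter splits the sign request into short-message-sized packets, the card application signs only after acceptance, and the adapter forwards the details only if the signature verifies and matches a pending proposal. HMAC-SHA256 with a shared key stands in for the unspecified signing algorithm, and the 3-byte packet header, JSON encoding, nonce, local `verify_signature` function and class names are all assumptions.

```python
import hashlib
import hmac
import json
import secrets

SMS_USER_DATA = 140  # bytes of user data in one 8-bit short message
HEADER_LEN = 3       # assumed header: reference, sequence number, total
MAC_LEN = 32         # HMAC-SHA256 output size


def canonical(obj):
    """Deterministic encoding so both ends sign and compare the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def verify_signature(key, body, sig):
    """Stand-in for the verifying entity of step 314 (constant-time compare)."""
    return hmac.compare_digest(sig, hmac.new(key, body, hashlib.sha256).digest())


class SecurityAdapter:
    def __init__(self, key):
        self._key = key
        self._pending = {}  # nonce -> canonical proposal awaiting a signature

    def start(self, proposal):
        """Steps 306-309: record the proposal, return the sign-request packets."""
        nonce = secrets.token_hex(8)  # assumption: binds a reply to one request
        self._pending[nonce] = canonical(proposal)
        body = canonical({"details": proposal, "nonce": nonce})
        size = SMS_USER_DATA - HEADER_LEN
        chunks = [body[i:i + size] for i in range(0, len(body), size)]
        ref = secrets.randbelow(256)
        return [bytes([ref, seq, len(chunks)]) + c for seq, c in enumerate(chunks)]

    def finish(self, signed):
        """Steps 313-315: return the details to forward to the server, or None."""
        body, sig = signed[:-MAC_LEN], signed[-MAC_LEN:]
        if not verify_signature(self._key, body, sig):
            return None  # forged or altered in transit
        request = json.loads(body)
        expected = self._pending.pop(request["nonce"], None)
        if expected is None or expected != canonical(request["details"]):
            return None  # replayed, or not the proposal that was agreed
        return request["details"]


class SimSigningApp:
    def __init__(self, key):
        self._key = key  # stays on the card

    def handle(self, packets, user_accepts):
        """Steps 309-312: reassemble, display the details, sign on acceptance."""
        ordered = sorted(packets, key=lambda p: p[1])
        total = ordered[0][2]
        complete = [p[1] for p in ordered] == list(range(total))
        if not complete or len({p[0] for p in ordered}) != 1:
            raise ValueError("incomplete or mixed sign request")
        body = b"".join(p[HEADER_LEN:] for p in ordered)
        if not user_accepts(json.loads(body)["details"]):  # steps 310-311
            return None
        return body + hmac.new(self._key, body, hashlib.sha256).digest()


def demo():
    """Constructed bookstore order: packet count, then altered/genuine/replayed."""
    key = secrets.token_bytes(32)  # constructed key shared by card and verifier
    proposal = {"merchant": "bookstore", "amount": "129.00 SEK",
                "item": "Constructed sample title, long enough that the sign "
                        "request does not fit into a single short message"}
    adapter, sim = SecurityAdapter(key), SimSigningApp(key)
    packets = adapter.start(proposal)
    signed = sim.handle(packets, lambda details: True)
    altered = signed.replace(b"129.00", b"1.00")
    return len(packets), adapter.finish(altered), adapter.finish(signed), adapter.finish(signed)
```
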

A flowchart of a second embodiment of the method
according to the invention is shown in FIG 4. A WAP application
is installed on the mobile phone 1 enabling communication
with the application server 5 by means of a WAP
dialogue in step 401.

Information browsing on the server 5 is initiated
from either the application server 5 or the mobile phone 1,
wherein data are transferred over the network between the
application server 5 and the mobile phone 1 in step 402.

Similar to the first embodiment described above, a
request requiring a secure transaction of data is sent
either from the mobile phone 1 to the application server 5
in step 403, or from the application server 5 to the mobile
phone 1. However, in this embodiment of the invention an
agreement proposal for the secure transaction is sent from
the server 5 directly to the security adapter 6 in step
404, and the WAP application in the communication device is
suspended or terminated in step 405.

Then, details of the transaction to be secured and a
sign request are entered into at least one SMS or USSD
packet in step 406, and the at least one packet is sent from
the security adapter 6 to the SIM card in the communication
device 1 in order to activate the SAT application in step
407. Further, the details of the transaction are displayed
on the mobile phone 1 and the user is prompted for an accept
in step 408. Thus, if the agreement proposal is
considered acceptable and the transaction is accepted in
step 409, the SAT application signs the data to be sent
with the secret/private key by using the algorithm in step
410.

The signed data is sent from the mobile phone 1 to
the security adapter via SMS or USSD packets in step 411,
the signature is verified in an entity operatively connected
to the server 5 in step 412, and the verified signed
data is sent to the server for the final execution of the
transaction in step 413.

It is to be understood that even though numerous
features and advantages of the present invention have been
set forth above, together with details of the configuration
and function of the invention, the disclosure is illustrative
only.

For example, in alternative embodiments of the invention
the security application on the SIM can be activated
either directly from the mobile phone or from a Bluetooth
connection. In these cases the answer could be stored in
an Elementary File on the SIM card for later retrieval.
Further, this should be combined with another Elementary
File containing the status of the action.

In another embodiment of the invention a more generic
solution for handling the dialogue with the user is implemented.
A command interpreter implemented on the SIM card
is used, allowing more dynamic downloading/updating of commands
defining the application that communicates with the
user.

In an alternative embodiment of the network configuration
any communication device having transmitting/receiving
capability, such as a portable computer, can be
provided with a smart card for secure data transfer over a
wireless network.

In still another embodiment of the invention the
mobile phone has means whereby the user can be assured
that he is really communicating directly with the security
application and not with an application impersonating the
real application. This is implemented as a particular icon,
character, font, colour etc. only available to certain
applications or the operating system in the phone.

In one embodiment of the security adapter 6, it is an
electronic apparatus with digital computer capabilities and
an internal memory for storage of a computer program
product or element. The computer program product comprises
software code portions for performing the operation and
functions of the security adapter 6, i.e. receive an agreement
proposal for a secure transaction from the communication
device 1, create and send a message to the communication
device in order to activate the signing application,
receive signed data sent from the communication device 1,
and send the signed data for verification and then further
to the application server 5 for execution of the transaction.
In an alternative embodiment, the computer program
element is embodied on a computer readable medium.

CLAIMS

1. A method for executing secure data transfer
between a communication device (1) and an application
server (5), wherein data are transferred over a network
(2,3) between the application server (5) and the communication
device (1) (301,302/401,402),
characterised by

sending an agreement proposal for a secure transaction
of data from the server (5) to a security adapter (6)
connected to the network (2,3) (303,304,305,306/403,404),

creating and sending a message from the security
adapter (6) to the communication device (1) in order to
activate a signing application
(307,308,309,310;405,406,407,408),

the signing application signing the data to be sent
(311,312/409,410),

sending the signed data from the communication device
(1) to the security adapter (6) (313/411),

verifying the signature (314/412) for the data, and

sending the verified signed data to the server for
execution of the transaction (315/413).



2. A method according to claim 1, characterised in
that information browsing on the server (5) is initiated
from either the application server (5) or the communication
device (1), wherein data are transferred over the network
(2,3) between the application server (5) and the communication
device (1) (301,302/401,402).

3. A method according to claim 1 or 2, characterised
by, before the step of sending an agreement proposal, the
further step of:

sending a request requiring a secure transaction of
data, either from the communication device (1) to the
application server (5) (303/403), or from the application
server (5) to the communication device (1).

4. A method according to any of the preceding claims,
characterised in that the step of sending a message from
the security adapter (6) to the communication device (1) in
order to activate a signing application further comprises
the steps of:

entering details of the transaction to be secured and
a sign request into at least one message (308/406),

sending the at least one message from the security
adapter (6) to a smart card in the communication device (1)
for activating the signing application (309;407),

displaying the details of the transaction and a
prompt for an accept on the communication device (1)
(310;408).

5. A method according to any of the preceding claims,
characterised in that the step of signing the data further
comprises the step of:

accepting the transaction (311;409), the signing
application signing the data to be sent with a
secret/private key by using an algorithm (312,410).

6. A method according to any of the preceding claims,
characterised in that the step of sending an agreement
proposal comprises the further step of:

sending the agreement proposal for the secure transaction
from the server (5) to the communication device (1)
(304) for acceptance (305) before the agreement proposal is
sent to the security adapter (6) (306).

7. A method according to any of the claims 4-6, characterised
in that the smart card is a SIM card (subscriber
identity module), the data transfer protocol is the WAP
(Wireless Application Protocol), the signing application is
a SAT (SIM Application Toolkit) application, the communication
application is a WAP application, and the message is
at least an SMS or USSD packet.

8. A method according to claim 7, characterised in
that the WAP application in the communication device is
suspended or terminated when the SAT application is activated
(307,405).

9. A system for executing secure data transfer between
a communication device (1) and an application server
(5) over a wireless network (2,3), characterised by a
security adapter (6) connected to the network (2,3) for
monitoring the data transfer between the communication
device (1) and the application server (5), wherein

said server (5) is adapted to send an agreement proposal
for a secure transaction of data to the security
adapter (6),

said security adapter (6) is adapted to receive said
agreement proposal for a secure transaction from the server
(5), and create and send a message to the communication
device (1) for activating a signing application,

said communication device (1) is adapted to sign the
data, and send the signed data to the security adapter (6),

said security adapter (6) is adapted to receive, and
send the signed data for verification and then send the
verified signed data to the application server (5) for
execution of the transaction.

10. A system according to claim 9, characterised in
that said communication device (1) comprises a secret/private
key, an algorithm for signing of data, and a signing
application for handling a signing dialogue and the
signing of data.

11. A system according to claim 10, characterised in
that said secret/private key, said algorithm, and said
signing application are stored on a smart card such as a SIM
card (subscriber identity module), the data transfer protocol
is the WAP (Wireless Application Protocol), the signing
application is a SAT (SIM Application Toolkit) application,
and the message is at least an SMS or USSD packet.

12. A system according to any of the claims 9-11,
characterised in that said network comprises a mobile
telephone network (2) for connection to the communication
device (1), the Internet (3) for the connection to the
application server (5), and a WAP gateway (4) connecting
the mobile telephone network (2) to the Internet (3).

13. A system according to claim 12, characterised in
that said security adapter (6) is connected to the WAP
gateway (4).

14. A system according to any of the claims 9-12,
characterised in that said security adapter (6) is
connected to the application server (5).

15. A system according to any of the claims 9-14,
characterised in that said communication device is a
mobile phone (1) or a portable computer having
transmitting/receiving capability.

16. A system according to claim 15, characterised in
that the mobile phone comprises means for displaying a
particular icon, character, font, or colour connected to
certain applications or the operating system in the phone,
wherein the user can be assured that he is really communicating
directly with the security application.

17. A security adapter for connection to a wireless
network (2,3) for monitoring the data transfer between a
communication device (1) and an application server (5)
connected to the network, characterised by

means for receiving an agreement proposal for a
secure transaction from the communication device (1),

means for creating and sending a message to the communication
device (1) in order to activate a signing application,

means for receiving signed data sent from the communication
device (1), and

means for sending the signed data for verification
and then to the application server (5) for execution of the
transaction.

18. A computer program product directly loadable into
the internal memory of a security adapter (6) with digital
computer capabilities, characterised by comprising software
code portions for performing the steps of:

receiving an agreement proposal for a secure transaction
from a communication device (1),

creating and sending a message to the communication
device (1) in order to activate a signing application,

receiving signed data sent from the communication device
(1), and

sending the signed data for verification and then to
an application server (5) for execution of the transaction.

19. A computer program element comprising computer
program code means to make a security adapter (6) with
digital computer capabilities execute the steps of:

receiving an agreement proposal for a secure transaction
from a communication device (1),

creating and sending a message to the communication
device (1) in order to activate a signing application,

receiving signed data sent from the communication
device (1), and

sending the signed data for verification and then to
an application server (5) for execution of the transaction.

20. A computer program element as claimed in claim 19
embodied on a computer readable medium.